HP Security Research OSINT (OpenSource Intelligence) articles of interest--March 28, 2014

Key articles of interest

 

Security for Facebook
Protecting the internal network, as well as the users of Facebook, is an unenviable task. Facebook users are constantly the targets of all manner of phishing, malware and other attacks, and the company’s own network is a major prize for attackers as well. To help better defend those assets, Facebook’s security team has built an internal framework known as ‘ThreatData’ that ingests and processes massive amounts of threat information and helps the company respond more quickly to emerging threats.

Understanding online threats with ThreatData
“Helping keep the Internet free of threats is a huge challenge that has never been more important. For us to do our part effectively, we must continually search for new types of attacks and deeply understand existing ones. Given the pace of criminals today, one of the hard parts is actually keeping track of all the data related to malware, phishing, and other risks. We wanted an easier way to organize our work and incorporate new threat information we receive, so that we can do more to protect people.”

Siesta Campaign - Nothing is what it seems
A few weeks ago, Trend Micro published the following post: The Siesta Campaign: A New Targeted Attack Awakens. In it they describe a targeted attack against organizations in many sectors: energy, finance, health care, public administration… Some days later, FireEye published a blog post, A Detailed Examination of the Siesta Campaign, in which they tie the attacks to the APT1 group and to a second group that uses the same tactics and tools.

Markets for cybercrime tools and stolen data
Markets are good because they facilitate economic efficiency, but when that efficiency facilitates criminal activity, such “black markets” can be deemed harmful. Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets in both the tools (e.g., exploit kits) and the take (e.g., credit card information). As with most things, intent is what can make something criminal or legitimate, and there are cases where goods or services can be used for altruistic or malicious purposes (e.g., bulletproof hosting and zero-day vulnerabilities).

This report describes the fundamental characteristics of these markets and how they have grown into their current state in order to give insight into how their existence can harm the information security environment.

How to Use Threat Intelligence with Your SIEM?
From the author: “SIEM and Threat Intelligence (TI) feeds are a marriage made in heaven! Indeed, every SIEM user should send technical TI feeds into their SIEM tool. We touched on that subject several times, but in this post will look at it in depth. Well, in as much depth as possible to still make my future paper on the topic a useful read.”

 

How to Make Better Threat Intelligence Out of Threat Intelligence Data?
“One of the key uses for threat intelligence (TI) data is making better threat intelligence data out of it. Some people go fancy and call it “threat intel fusion” and I like the term, maybe because it has not been hijacked by the marketers yet.

So, threat intelligence fusion. I define this as simply a process of making better intelligence out of existing intelligence by enriching, linking, validating, contextualizing and otherwise growing the depth or breadth of available threat intelligence data sets.” –Anton Chuvakin
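The two Chuvakin items above describe, in prose, feeding technical TI indicators into a SIEM and “fusing” several feeds into one better set by normalizing, linking, validating and enriching them. The following is an added example, written for this digest and not code from either article or from any SIEM product, that shows both steps on constructed data: two made-up feeds are merged into one indicator table with provenance and a corroboration flag, and constructed proxy-style log lines are then matched against that table to produce enriched alerts. The feed layout, log format, field names and the regular expression are all assumptions chosen for the example.

```python
import re

# Constructed sample feeds (not real intelligence). Each record carries what a
# machine-readable TI feed typically does: indicator, type, confidence, tag.
FEED_A = [
    {"indicator": "198.51.100.23", "type": "ipv4", "confidence": 60, "tag": "c2"},
    {"indicator": "Evil.Example.NET", "type": "domain", "confidence": 70, "tag": "phishing"},
    {"indicator": "203.0.113.9", "type": "ipv4", "confidence": 40, "tag": "scanner"},
]
FEED_B = [
    {"indicator": "198.51.100.23", "type": "ipv4", "confidence": 80, "tag": "malware-dropper"},
    {"indicator": "evil.example.net.", "type": "domain", "confidence": 50, "tag": "c2"},
]


def normalize(indicator, itype):
    """Canonical form so the same indicator from two feeds collapses to one key
    (case and trailing dot differ between feeds for the domain above)."""
    value = indicator.strip()
    if itype == "domain":
        value = value.lower().rstrip(".")
    return value


def fuse(feeds):
    """Fusion step: merge feeds into one indicator set, keep provenance
    (which feeds said it), union the tags, keep the highest confidence, and
    derive a corroboration flag that acts as a validation signal."""
    fused = {}
    for name, records in feeds.items():
        for rec in records:
            key = (rec["type"], normalize(rec["indicator"], rec["type"]))
            entry = fused.setdefault(key, {"sources": set(), "tags": set(), "confidence": 0})
            entry["sources"].add(name)
            entry["tags"].add(rec["tag"])
            entry["confidence"] = max(entry["confidence"], rec["confidence"])
    for entry in fused.values():
        entry["corroborated"] = len(entry["sources"]) > 1
    return fused


# Assumed log line layout for the example: "<timestamp> src=<ip> dst=<ip> host=<fqdn>"
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S*)")


def match_logs(log_lines, fused):
    """SIEM step: scan log lines for fused indicators and return enriched alerts.
    Lines that do not parse are skipped rather than raising."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for itype, field in (("ipv4", "dst"), ("domain", "host")):
            value = m.group(field)
            if not value:
                continue
            hit = fused.get((itype, normalize(value, itype)))
            if hit:
                alerts.append({
                    "ts": m.group("ts"),
                    "src": m.group("src"),
                    "indicator": normalize(value, itype),
                    "type": itype,
                    "sources": sorted(hit["sources"]),
                    "tags": sorted(hit["tags"]),
                    "confidence": hit["confidence"],
                    "corroborated": hit["corroborated"],
                })
    return alerts


# Constructed log lines; the last one is deliberately unparseable.
SAMPLE_LOGS = [
    "2014-03-27T10:01:02Z src=10.0.0.5 dst=198.51.100.23 host=",
    "2014-03-27T10:01:09Z src=10.0.0.7 dst=192.0.2.44 host=EVIL.EXAMPLE.NET",
    "2014-03-27T10:02:15Z src=10.0.0.8 dst=192.0.2.10 host=www.example.org",
    "garbage line that does not parse",
]


def run():
    """Fuse the two feeds, then match the sample logs against the result."""
    fused = fuse({"feed_a": FEED_A, "feed_b": FEED_B})
    return fused, match_logs(SAMPLE_LOGS, fused)


if __name__ == "__main__":
    fused, alerts = run()
    for alert in alerts:
        print(alert)
```

The corroboration flag is the cheapest form of validation: an indicator seen in two independent feeds is worth more than one seen in a single feed, and an alert that carries the source names and tags is something an analyst can act on, whereas a bare IP match is not.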

Threat Modeling a Retail Environment
This paper looks at a typical, large retail environment and builds a threat model on top of that environment. Given the threats that the team identified, the paper suggests some appropriate mitigations.

Full Disclosure Gets a Second Life
“’The report of my death was an exaggeration,’ wrote Mark Twain to the New York Times over a century ago. So it could also be said of Full Disclosure, the popular listserv used by researchers finding software vulnerabilities.”

New WinRar File extension spoofing vulnerability targets Fortune 500 and Aerospace companies
“According to IntelCrawler, a cyber threat intelligence firm based in Los Angeles, a new WinRar extension spoofing vulnerability helps the bad actors to efficiently distribute malicious code. The used technique allows them to hide binary malicious code under peaceful file formats with extensions such as .PNG, .JPEG and even .TXT.

The victim receives a traditional file archive, having absolutely no idea that the malware is hidden there, as it can have no password protection or any other suspicious visible signs.”
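The IntelCrawler report quoted above concerns executables carried inside archives under names ending in .PNG, .JPEG or .TXT. Whatever name an archiver displays, the bytes of each member do not lie, so one defensive check is to compare an entry’s claimed extension with its leading bytes before anything is opened. The following is an added example for this digest, not code from IntelCrawler or from WinRAR: it builds a constructed ZIP archive in memory (the Python standard library has no RAR reader, so ZIP stands in for the container) with a PE stub named photo.png and an ELF stub named notes.txt, and flags every member whose content disagrees with its name. The signature table and the 64-byte read length are assumptions for the example.

```python
import io
import os
import zipfile

# Magic bytes for the file types the extension claims.
MAGIC_BY_EXT = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
}
# Executable formats most likely to be smuggled under an innocent name.
EXECUTABLE_MAGIC = {
    "PE/DOS executable": b"MZ",
    "ELF executable": b"\x7fELF",
    "Mach-O executable": b"\xcf\xfa\xed\xfe",
    "Java class / Mach-O fat": b"\xca\xfe\xba\xbe",
}
TEXT_EXTS = {".txt", ".csv", ".log"}


def classify_entry(name, head):
    """Return a list of findings for one archive member given its first bytes."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    for label, magic in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            findings.append(f"{name}: {label} content under {ext or 'no'} extension")
    expected = MAGIC_BY_EXT.get(ext)
    if expected and not any(head.startswith(m) for m in expected):
        findings.append(f"{name}: header does not match {ext} signature")
    # A text file should not contain NUL bytes; binaries almost always do.
    if ext in TEXT_EXTS and b"\x00" in head:
        findings.append(f"{name}: NUL bytes in a text-named member")
    return findings


def scan_zip(data, head_len=64):
    """Scan an in-memory ZIP and return suspicious findings. Only the first
    head_len bytes of each member are read, so large members stay cheap."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(head_len)
            findings.extend(classify_entry(info.filename, head))
    return findings


def build_sample_archive():
    """Constructed test archive: one honest text file, one PE header stub
    named .png, one ELF header stub named .txt. Headers only, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "quarterly figures attached\n")
        zf.writestr("photo.png", b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56)
        zf.writestr("notes.txt", b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_archive()):
        print(finding)
```

The same check belongs at a mail gateway or on an extraction sandbox, where it can run on every archive member without relying on what the user’s archiver chooses to show; the caveat is that it catches only content whose leading bytes are recognizable, so a script or macro document needs its own rules.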

 

The good hacker: the wonderful life and strange death of Barnaby Jack
“From schoolboy dropout to world-famous hacker, Auckland-born Barnaby Jack lived hard and died young. On the way, he changed the technological world.

The Jägermeister shot glasses are piling up along with the stories in the outside bar of Galbraith’s in Mt Eden Rd. It’s a stormswept Sunday in January, the six-month anniversary of the death of Barnaby Jack. A dozen of his friends are here to remember him in a pub he loved.”

Two-factor authentication – a handy list of who offers it (and who doesn’t)
“A new website has been created, urging more services to offer two-factor authentication.

The good news is that more and more websites are integrating two-factor authentication (2FA), offering their users a higher level of protection over their accounts. But there’s clearly more who need to jump on the bus.”

WordPress hosting: Do not try this at home!
“Compromised WordPress blogs were used to host nearly 12,000 phishing sites in February. This represents more than 7 [percent] of all phishing attacks blocked during that month, and 11[percent] of the unique IP addresses that were involved in phishing.

WordPress blogs were also responsible for distributing a significant amount of web-hosted malware — more than 8 [percent] of the malware URLs blocked by Netcraft in February were on WordPress blogs, or 19 [percent] of all unique IP addresses hosting malware.”

Journalists, media under attack from hackers: Google researchers
“Twenty-one of the world’s top 25 news organizations have been the target of likely state-sponsored hacking attacks, according to research by two Google security engineers.”

“The attacks were launched by hackers either working for or in support of a government, and were specifically targeting journalists, Huntley and co-author Morgan Marquis-Boire said in interviews. Their paper was presented at a Black Hat hackers conference in Singapore on Friday.”

FireEye: Less Than Zero: A Survey of Zero-day Attacks in 2013 and What They Say About the Traditiona...
“Of all the hazards confronting enterprise IT systems, zero-day vulnerabilities are among the most pernicious and dangerous. By definition, they are unknown and unpredictable, exposing systems of even the most diligent users and administrators.

Zero-day vulnerabilities are software flaws that leave users exposed to cyber attacks before a patch or workaround is available. Sometimes, a zero-day vulnerability is unknown to anyone but a cyber attacker (or a supplier who sells zero-day discoveries on the black market). In other cases, the software vendor knows about the vulnerability but has not yet issued a fix.”

Prezi Got Pwned: A Tale of Responsible Disclosure
Generally, security engineers receive three types of emails: Readable, Archivable, and Mutable. There is the one email, however, that belongs in a category of its own…

 

Communicating Risk to Executive Leadership
“’I don’t get it!’ said the CEO as he dropped the 300 page report on the conference table.  Something was very wrong.


It was 2010 and my team had just completed a large, enterprise risk assessment for a financial services company.  We followed a traditional assessment methodology and delivered a robust report filled with worksheets, diagrams, charts, graphs, and detailed explanations of risk…none of which made a bit of sense to the executive leadership.  The CEO threw the report down on the table and dismissed all our work.”

 

Home Location Identification of Twitter Users
“We present a new algorithm for inferring the home location of Twitter users at different granularities, including city, state, time zone or geographic region, using the content of users’ tweets and their tweeting behavior. Unlike existing approaches, our algorithm uses an ensemble of statistical and heuristic classifiers to predict locations and makes use of a geographic gazetteer dictionary to identify place-name entities…Experimental evidence suggests that our algorithm works well in practice and outperforms the best existing algorithms for predicting the home location of Twitter users.”

Nakamoto’s Neighbor: My Hunt For Bitcoin’s Creator Led To A Paralyzed Crypto Genius
“I’ve just asked him if he was involved in the creation of Bitcoin. The 57-year-old man’s almost imperceptible eye movement is his only way of telling me that he was not, and that I’ve spent the last week caught in the same futile windmill-tilting that has ensnared so many other reporters trying to solve the puzzle of Bitcoin’s mysterious creator known only as Satoshi Nakamoto.”

Why Your Data Breach Is My Problem - THE RISKS OF RELYING ON “PRIVATE” INFORMATION THAT CANNOT BE KE...
“Modern commerce is increasingly conducted online, allowing vendors to offer a wide variety of goods and services around the clock and from any location. As a result, hundreds of millions of users are registered with dozens of diverse online services.

For authentication, users typically rely on only a small number of unique personal information attributes. The same information attributes are used in several places and inevitably are lost, in large numbers, through data breaches.”

 

Security Fatigue? Shift Your Paradigm
“Software security is the fastest growing paradigm in the IT security field, and the Building Security in Maturity Model (BSIMM) project offers real-world measurement for assessment.
 
Computer security is currently all over the news, and mostly for all the wrong reasons…For all of the money spent on IT security to date, cybersecurity problems only seem to be growing. What is going on?”

 

Why Cyber War Will Not and Should Not Have Its Grand Strategist
Cyber war has no shortage of advocates. “But as Colin Gray recently observed, ‘When historians in the future seek to identify a classic book or two on cyber power written in the 1990s and 2000s, they will be hard pressed to locate even the shortest of short-listable items.’”

Labels: HP| HPSR| security